Late last month Stay Smart Online posted an alert about an SMS phishing scam masquerading as Medicare. The scam sends text messages to people, asking them to click through to a website and hand over their personal information in order to get a rebate.
The SMS phishing messages are being sent to large numbers of people, and anybody could receive the messages.
Mimecast principal technical consultant Garrett O’Hara says SMS phishing scams are on the rise as they are easier to spoof.
“SMS phishing scams are becoming an increasingly attractive tactic for cybercriminals. SMS is an easier way for scammers to pretend they are sending from a well-known business that people know and trust. We will particularly see scammers impersonate entities such as Medicare and myGov, where there is the potential to both target and fool more people,” says O’Hara.
He believes SMS scams are extremely effective because messages aren’t generally scanned by security tools.
He adds that people also intrinsically trust SMS more than email, so the potential for social engineering is built in.
“In the last several years, attackers have been able to spoof the message identification field to the same name as trusted entity, legitimising the appearance of a scammer’s text message,” says O’Hara.
“People must remain vigilant and be suspicious any time personal identifiable information (PII) is requested. Attackers are looking for an outcome so if you’re dealing with a mature attacking crew, they’re likely to use multiple vectors including email – mostly popular with scammers - then SMS, telephone scams and even face-to-face.”
Recipients should remember:
Stay Smart Online offers a few more tips: